Today Sonatype and HP announced Sonatype’s Component Lifecycle Management (CLM) analysis technology has been integrated into HP’s cloud-based software security solution – HP Fortify on Demand.
Let me open your eyes to a tidal wave of change that has already flooded the development organizations across Financial Services and other industries: “Software applications are no longer coded from scratch. They are assembled from building blocks — commonly known as open source components.” This is not a prediction about a tidal wave to […]
Sonatype Nexus Security Advisory Date: January 14, 2014 Affected Versions: Nexus OSS/Pro versions prior to and including 2.7.0-06 Summary: A critical security vulnerability has been discovered by Sonatype in Nexus requiring immediate action. The vulnerability makes use of an execution path in an open source library that we have now (with the available patch) added […]
Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.
We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 Billion requests in 2012 – and it is looking like this year will total up to 13 Billion requests.Given these trends, the time seemed right for a series of blog posts that address recent activity in the area of open source governance and security
Part 3 — Part 4 Component-Capable Release Management is Key to DevOps – Part 5 Up Next DevOps conversations are dominated by release management and production deployment. These are the primary topics at the DevOps conferences that we have attended in Atlanta, New York, Vancouver, Portland, Barcelona and London. This concerns me at some […]
One of the approaches to software that I strongly believe in is taking advantage of latest product innovations in all new releases. I think it’s important to upgrade to the latest versions of build tools and components as soon as you can.
Well there is nothing like an updated specification that drives action or interest in a topic. We’re seeing that with the introduction of PCI 3.0. While there are several key updates to the specification, the one I find most interesting reflects the reality of how applications are constructed today – from components. It’s great to […]
Part 2 — Part 3 of Component Management Strategy and DevOps – Part 4 Up Next Ok, I need a “blog post delivery tool chain” because part 3 in my DevOps series of blog posts is woefully behind my expected delivery date. It’s like a broken development process – I’m […]
CONTROL, ENFORCEMENT, APPROVALS, POLICIES These concepts run counter to fast, agile, based-development. These words make developers cringe, they are “4 letter words”. Could it be that the problems with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that applications developers create are trusted, […]